
WWDC09 • Session 615

System Image Creation and Deployment with Snow Leopard Server

Mac • 1:10:19

System Image creation and deployment is the best way to ensure consistent configuration of Macs in your organization. Learn how to use the new features in System Image Utility 2 to create NetBoot, NetInstall, and NetRestore images to simplify the deployment of Mac OS X across your organization.

Speakers: Jussi-Pekka Mantere, Brian Nesse

Unlisted on Apple Developer site

Downloads from Apple

SD Video (237.3 MB)

Transcript

This transcript has potential transcription errors. We are working on an improved version.

Hello everyone, and thanks for coming in to the System Imaging session at WWDC 2009. I'm Jussi-Pekka Mantere, I'm the engineering manager for System Imaging Team. Later I'll introduce Brian Nesse who's the lead engineer on the team, and here's what we're going to cover today. So our agenda, we'll talk about what is system imaging, what do we create.

So we'll talk about NetInstall images, NetBoot images, NetRestore images, what's the difference between the three. We'll talk about new features in System Image Utility version 2. We'll talk about how to boot into those images, and we'll look into some under the hood kind of things like internal server, NetBoot, how to tweak things a little bit out of the ordinary. So let's go into the image types that System Image Utility creates. So NetInstall, what is a NetInstall image?

This is an image that installs a Mac OS X from a network volume, so this is almost as if you had a DVD in hand and instead of booting locally from the DVD, you boot over the network into the installation DVD. And this gives you all the flexibility of installation so you can create NetInstalls from DVDs, and the DVD source can be either a shrink-wrapped DVD or it can be a DVD that came with the hardware that you just received or purchased.

The NetInstall environment allows your users to customize their installation entirely. Your users can choose packages which they want to install, which they want to opt out of. So some people may not want to have the whole set of printers installed, so NetInstall gives you the option to tweak every package selection for individual installations. And NetInstall also allows you to install custom packages that are site specific.

So you may have something like third-party software pieces that you would want to include, or even Apple software you would want to include in the installation set. Xsan or Apple Remote Desktop, CS4, or Microsoft Office or whatnot. So anything that's packaged into an Apple package maker, you can add into NetInstall image.

The second image type is then NetBoot. NetBoot boots a computer into Mac OS X. And again, the NetBoot image can be created from an installation DVD or you can use an existing volume that's already been installed and use that as the source to create the NetBoot volume. In the NetBoot environment, all the systems boot into an identical copy of the operating system. So if you have two machines, 50 machines, 500 machines, they all boot into the same exact copy of Mac OS X on that NetBoot volume.

And if the NetBoot system is rebooted, all local changes will be lost or reverted. So no matter what changes happen during the run time of the NetBoot session, anything that the user has added, installed applications or modified any files on the NetBoot volume, those changes will be reverted back to the initial state of when the NetBoot image was created. If the user is using network homes, so the user logs on into an Open Directory/Active Directory account, of course the user's data will still reside on the network directory.

But any of the system changes will be reverted back. And one very special thing about NetBoot is Diskless NetBoot. So what Diskless NetBoot allows you to do is to unmount local volumes. And why is this useful? So if you have some issues with let's say hard drive diagnostics or you need to do some other maintenance type operations against the hard drives on your systems or on the target systems you care about. Diskless NetBoot allows you to unmount every single local volume and reformat them. So this is effectively booting into an external hard drive, but over the network. NetRestore. And this is not Mike's [phonetic] NetRestore.

NetRestore is what used to be the NetInstall of a volume. So this refers to specifically a hard drive volume copy across the network onto a target drive. So NetRestore images can be created from a master volume, so this is your GUID Mac or your monolithic system image. Or you can also create a NetRestore install set from DVDs plus packages.

So NetRestore can also use ASR to transport the packages over the wire. So if you do a mass deployment of 50 or 100 machines, you can reduce the network bandwidth by using Multi-Cast. You can have some post restore actions such as setting computer settings or doing computer binding to directory systems. So when would you use NetInstall? NetInstall is at the moment the most flexible way of deploying Mac OS X in a larger environment.

This gives the users the option to opt in, opt out of any packages, and it's effectively booting the system off DVD. This supports upgrade installs, so if your users already are using 10.4 or 10.5, using NetInstall images allows you to upgrade the systems as opposed to fully replace the environment using disk image or asr source. So NetInstall is quite flexible, and NetInstall is created, as I mentioned, from an installation DVD either shrink-wrapped or something that came with the CPU.

And it can optionally include packages that are site specific, your application packages or other customization packages. So a package could also include startup items that run at first launch or first boot of the target system. So NetBoot again, can be created from DVD plus packages, or a volume plus packages. And when would you want to use NetBoot?

Well if you want to have a very known configuration across multiple systems, then the easiest way to keep them in sync in a live environment or in some corporate environment is to NetBoot all the clients in a single image, and all those clients will always get the exact same copy of image no matter what.

When they restart, they get back to the original image, so there's no delta between what they booted into yesterday and what they booted into today. And it also allows you to do diagnostics. So within Apple, our IS&T department has created images where you can boot into a diagnostic image that includes tools like Disk Utility, Disk Warrior, other third-party tools for diagnosing the target system.

So this allows users to boot into a known good OS image if the hard drive has totally failed, so they can recover their logically corrupt hard drives using an image over the network and diagnose the issues there. You can also do a remote help in that kind of environment if the image that you've created includes Remote Desktop access. So you can create a NetBoot image that allows your help desktop employees to target the systems that are booted into the NetBoot images and then use ARD to connect to them and figure out what may be causing the issues on the user's system. So then finally NetRestore.

NetRestore again can be created from DVD plus packages. And commonly, this is now referred as the InstaDMG workflow. But this is really just creating an ASR image, a NetRestore image from an installation disk plus packages. So what is the benefit of this? So assuming that all of your customization for your site-specific stuff happens in packages, no matter what kind of CPU arrives - like you may have bought the MacBook Pro 2009 summer, I don't know, WWDC edition. So once those systems start arriving, your older operating systems will no longer boot those machines.

So if you had used the workflow to create an ASR restore volume from a DVD plus packages, the first system that arrives, if you apply that same workflow against the DVD that arrived with those systems, you have an up-to-date NetRestore volume ready to go and restore any MacBook Pro that arrives.

So it's one-time image create, and then you can restore very efficiently and very fast from that ASR image onto any MacBook Pro that arrives. And of course, we still support creating NetRestore images from volumes. But the big thing here is really creating NetRestores from DVDs and adding packages that contain all the type-specific changes that you have made. So a little bit about System Image Utility. So SIU is the Apple de facto system image creation tool.

This is something that stays in sync with the operating system. No matter when, you should always be able to use SIU against the current OS that you have, so released OS. Developed previously may have some issues but still. If you have 10.5, you use 10.5 System Image Utility.

If you have 10.6 you use 10.6. And you can always create NetInstall, NetBoot images. And now with 10.6 Snow Leopard, you can create NetRestore images. So we go to great lengths to make sure that all the plumbing that you are not exposed to stays current and working, whatever changes happen in the operating system, SIU is the first to adapt to those changes and make sure that image creation continues. System Image Utility also integrates with core OS X technologies such as Automator, so we leverage Automator heavily, as in we built the application out of Automator actions.

And obviously it's integrated with Mac OS X server. So vending images is extremely easy using System Image Utility when we create the image folders, those can be directly copied into Mac OS X servers, NetBoot share points, and served from there. What are the new things in Snow Leopard? The NetRestore image type. This is really the big change, and the major shift of focus is really the workflow to create NetRestore images, ASR, Apple software restore images out of DVDs and adding packages to that, that's big.

And we really see that as a huge, huge improvement over monolithic system imaging where you have a GUID that then gets out of sync with whatever new hardware comes around. Also new in Snow Leopard, we improved the directory binding, so you can still do it by computer. But we now also support authenticated binding. So if you need to do AD binding for your computers, we now support authenticated binding where you can plug in the directory admin or the computer record creator account information into System Image Utility, and it'll just work.

Yay.

[ Applause ]

Thank you. We worked hard on that. NetRestore sources. Not only can you use a system image that includes the image itself that it's going to restore, so this is wrapping an ASR restore volume into a NetBoot environment. So that may be like 6 GB or 10 GB image that self-contains the image. There's also an option to include just the booting environment and then refer other sources where to actually restore the image from. So you can use HTTP sources, you can use ASR Multi-Cast streams, so something that is not embedded into the image itself.

So using a very lightweight boot environment that then restores any variety of sources and includes also support for Bonjour discovery. So if you have images that are transient on the network or you just want to have one single image that contains no images in itself, points to no other source on the network, you can put up a Bonjour registration on the network, and the restore mechanism picks that up and shows that as an available restore source.

And when all the system restores have happened, you can take down the Bonjour registration, and if anyone boots into that image again, they'll just see an empty shell without any images to restore for it. So that's Bonjour discovery. We've improved the Automator support, better support for variables. So if you use System Image Utility workflows from the command line, now variables are more of a useful feature than with the way before.

So now we can actually create an entire disk image with all the settings for source and target and disk name and index and whatnot through variables that you can plug in from the command line. And we've included support for - well we haven't included, we support Automator services.

So Automator has now a new workflow type that integrates with the services featuring OS X where if you create an image creation workflow within the Automator application, you can save that as a service and then use that through contextual menus in the OS. So let me show you a couple of screenshots.

Here are some new actions that we built. NetRestore basically is a third option now, here it's shown as using a disk image as the source. And as you can see, we can customize the target volume name and this basically replaces the old feature where we created a NetInstall from volume. So if this was a volume source, instead of doing an install from volume, we now do a NetRestore image from a source volume.

Directory binding. Here you can plug in the authentication information. If the directory that the system is bound to doesn't require authentication, it's optional. If it requires it, it'll be marked as such. And Brian will go through this action in a little more detail in his demo. Custom NetRestore sources.

So here's a way to create a lightweight NetRestore image that includes just the booting OS and the application that will perform the ASR restore without any images in the image itself. Here you can plug in HTTP sources or ASR sources, and you can define whether or not to look for Bonjour registrations for these sources. And there's also an option for the user to type in a URL that they know is a valid restore source.

Automator variables report. So here we can plug in variables into the appropriate fields and then run this from terminal or cron jobs or launchd. And here is the Automator services. So if you've used Automator in the latest Snow Leopard builds, here's where you'd actually create a service workflow.

Once the service workflow is defined, you'll access it using contextual menus, so here's a workflow that applies to an installation disk. So when I Control-click on that volume, I can now create a NetRestore image from that without any user intervention. So you can probably use it for a way to save this as, or some other details, but this could be entirely hands off.

Create the workflow once, save it as a service, and whatever new disk image you get, apply the workflow or apply the service against that disk image source and you have a new NetRestore image. Really powerful stuff here. So let me invite Brian Nesse up and he'll show you some of the new actions.

[ Applause ]

OK, thanks, Jussi. Let me get the demo machine on here and all set up.

OK, good. Let's see if we can get this to - I should make this a little bigger for you here. OK. So when you launch SIU you're going to see a screen that looks something like this. You see I've got a volume here and it's offering me the option to make either a NetBoot or a NetRestore image.

If I select this Install Image here, you'll see it gives me the option to do NetBoot, NetInstall, or NetRestore. Real simple workflow here, you just say continue, it's going to ask you for some data, the network disk, which is what your clients are going to see in the Startup Disk. Description, which is just something that the server administrator can see in the server admin software.

It's going to ask you for your account name, so I'm just going to give it that, give it a password, and say create, agree to your software license. It's going to ask you whether you what do you want to save it as, and it's going to ask you where you want to save it.

Now since I'm doing this on a configured server, it's gone out and found my share point and said oh, here, this is probably where you want to save it, so why don't you do that? You may want to do some customization to your images, and in that case, what you're going to want to do is instead of clicking Continue and taking the easy route here, you're going to say Customize. Again, the software license, and - oh, that's not going to work.

All right, let's get that - OK, there we go. Now what this is going to do is open up a workflow, and you'll notice that these three actions here are very analogous to what we just did in the assistant. We've got our sources, we've got our place to put in our user and password. And then down here we have our selection for what kind of image we're going to create.

There's a couple of extra things here, we've got the installed volume, which if you're doing like a NetRestore or in some of the other scenarios as well, you can give it the name of the target volume that you actually want the clients to see when they boot into it. Again, we have the share point here where I want to save it, the name that I want to save it as.

Down here we have some stuff that's pertinent to the image itself, so again the name that you're going to see in the Startup Disk. And image index which we randomly assigned in the assistant, this gives you a little more control if you want to try sequencing your images or something, and then again, the description.

Now we've gotten some feedback, we heard that some of you wanted to be able to make install images that would simply boot into the setup assistant, so this action here is now optional. You can take this out and this will simply produce an install that, when it's done installing, it will go into Mac Buddy just like it would if you had had it installed from your CD.

So let's move on and talk about some customization options. The first one we've got is Add Packages. Say if you've got internal developers, you might want to be able to have Xcode preinstalled on your system, so you go into your OS Install and grab the Xcode package and add that.

Something else you might want to do, if you have a lab or you need to manage a lot of systems, you might want to have something like ARD installed on it, so we can also add that. And once you've installed ARD, the next thing you're probably going to want to do is to configure it so that it is active on startup, and I have a script that does that, so I'm going to add this too.

So this is a post-install script that will get executed after the installation is completed. So we've got a bunch of packages now, so now maybe we don't want the packages installed as they are when you boot into the installer. So we offer customized package selection, and this takes a little while to boot up because it's actually reading through all these packages and searching out what they've got in them.

So you'll see that we've found -

[ Applause ]

Thanks.

[ Applause ]

And so you'll see we've found not only the install disk here, but we also found the Xcode package and the Remote Desktop package. I'll open this up here and make this a little bigger so you can see it.

[ Applause ]

So you see this is kind of a daunting interface but there is a reason for it. If you've done a system installation, I assume most of you have, you've probably seen something similar to this, you go into the printer support and you're going to see something like Nearby and Popular Printers which is going to be selected by default. If the default checkbox here is not selected then this is an item which is not going to be selected in the installer by default when you boot into it. So in this case, All Available Printers is not selected by default.

If you wanted to edit this image and say by default you wanted those extra printers enabled, you could turn that on, and then when this workflow runs, when the client boots into it, that will be a selected option when they initially bring it up. On the other hand, you may not want that extra gigabyte worth of printer drivers, so we have this visible option. And what this does is defines whether the person running the installer actually gets to see this option or not. So you can completely eliminate their ability to put in all available printers by simply turning this off.

What this will do is set it up so that they aren't getting it and they can't see it. And alternatively, if you want to say guarantee that they can't turn off Nearby and Popular Printers, you can do this. So now what this does is it hides the option so they can't access it, but now it is selected which means that it will get installed and there's nothing they can do about it. You may have noticed here that we have this Printers Used by This Mac which is disabled, I can't click on it. All that means is that this is a required package.

So if you want printer support, this is going to get installed no matter what. And you kind of notice here that it sort of correlates to Nearby and Popular Printers, so just in case you missed that. And you'll notice Xcode, you can do the same thing, we have defaults and not defaults, invisible, and disabled things that we can't change. So that's the install customization. The next thing you might want to do is after the install, you may want to apply some system configurations, and we do that with Apply System Configuration settings. Here is, Jussi was showing earlier where we have the AD and OD server bindings.

If you want to bind a server you simply check that, add a server to your list. You'll see I have an Open Directory server here, the user and password are optional. The Ethernet address here is also sort of optional. If you want to - I'm sorry. You're going to use this probably in a lab environment, say you're making a NetBoot image, you're going to have a bunch of clients booting off this. The Ethernet address, if you have say three machines that you want bound to this, you'd put in their Ethernet addresses in here and then those three machines would be bound to that server.

If you just leave that empty, then it will apply that to all of the computers that get booted from that NetBoot image. And then again to refer to something you see mentioned earlier, if I select my Active Directory server here, you'll notice that it hints here that these are going to be required. And if you don't put them in, you're going to get a non-functional binding.

The next thing you might want to do, especially again in a lab environment is to apply some sort of computer naming to your systems. This is real simple, you just import a file and you're ready to go. So this is the mystical computer naming file, and it's a very simple file, it's just a text file, tab delimited, four fields.

The Mac address of the computer that you want to name, a host name that you want to apply to it, a computer name that you want to apply to it, and a Bonjour name or local host name. And what that corresponds to, just in case you're not aware, is in the sharing panel here, computer name, this field here.

And the local host name or the Bonjour name here, this field on the end. The other thing of note about this file is that these last two fields are optional, so you'll see here in this second entry, this computer is going to be assigned a name, but it's going to dynamically configure its local host name, which it will do based on this.

And on this computer here, we have assigned nothing, so it is going to simply default to whatever the machine might have currently set up on it. You'll notice that all of these have host names configured. If you're in an environment where you say have maybe DNS and DHCP servers running and you're already assigning host names, you can use this automatic key, and what that will do is sort of allow you to skip the host name field. So this will basically tell this machine go do whatever the servers tell you to do and then apply this computer name and this host name to it. So that's the structure of that file.

Let me get this back up here. So that's pretty much what we've got for the options for configuring your install. The next thing you probably will want to do is actually configure your install time, your run time installation. And we have a couple of actions to help with that. We've enabled automated installation.

Now what this will do, if you drag this in and run this as is, when your client boots into the installer, what they're going to see is the installer is going to come up, it's going to say where do you want to install this? And they're going to select a volume, and then it's going to run an installation completely unattended.

So what that means is that whatever you set up up here in your defaults, is going to get installed on their system with no interaction from the user at all other than selecting which volume they want it on. Now if you want a totally unattended installation, you'd select this name here and pick a hard drive, and what that'll do is now you have a totally unattended install.

What's going to happen is it's going out there boot into the installer, the installer is going to look, it's going to find the drive Name/Macintosh/HD, and it's going to lay the system down on top of it. Now you have the option of either doing an upgrade install or doing an erase, a clean install, both work effectively the same way, and then you can also select the default language that you want the system to boot into.

And if you want to take erasing the hard drive to the next level, we also have the Partition Disk option. And what this will do is present a little app up in front of the installer which will basically say hey, you want to partition your hard drive, please select a drive and then you can take a single-partition machine and give it multiple partitions, or you can take the machine that has multiple partitions and wipe it back down to one. You see this looks kind of familiar, this is basically ripped off from Disk Utility because we kind of figured everybody knew what that looked like. So you have a place to put in your volume name and a place to pick your format.

Where we differ a little bit is here because what we do is basically since we don't know what we're about to destroy, we sort of give you the opportunity to just make it do the right thing. So we allow you to just say, give me two volumes each of which are 50 percent of the drive, or you can say, make this one 37 percent and that one 62 percent. The other thing you can do is make one volume an absolute size so you can say make this first one 20 gigabytes and then make the other volume the rest of the disc.

And again, this also has a don't disturb me option, you can say partition the disk containing a volume, give it a volume. And what this will do is similar to the installer, it'll boot up, it'll find a volume, it will take whatever drive that volume is on, and repartition it as you've dictated. Now one thing you've got to be aware of is if you're using this in conjunction with the enable automated installation, you need to make sure that you put one of these volumes in here, because otherwise your installation will fail.

Had that happen, it's not good. So that's what we've got for customization for the installation. Sorry, lost my train of thought there. The next thing that we have is when you're actually in the user environment, we have a couple of items that we can use to help you customize what your user is going to see, and that is these two filtering actions, and these again are real simple, Filter by Mac Address simply takes a list of addresses and makes either a black list or a white list out of it as to which computers either can or cannot see this particular image. You can also import these from a list, or you can just type them in directly, and it'll give you a little template here.

And then the Filtered Computer Models down here, this is if you want to make an image that is specifically for a class of machines, say we want to look for MacBooks, I can make an image that will only be visible to clients who boot into my server with a MacBook Air for instance. So that is pretty much what we have for actions these days.

You've created a workflow here, this is basically an automated workflow, you can save it and you get a workflow. If you run this, we have logging going on here, I see we've been selecting a lot of volumes. And the logging, our big preference panel here of two preferences where you want to save your workflows, and what level you want the log at. And hopefully you don't need any more than verbose if you're having problems, debugging is useful.

That's about it. Real quick, I'm going to flip over to Automator here and show you. If we want to make an Automator service here real quick, I don't know if any of you are familiar with Automator. This isn't particularly different, you'll see what happens is you get this little box up here that has a couple of options, and what we're going to do is make a quick one here out of a System Image Utility workflow, we're just going to make one that works in the Finder with folders. Go down here and grab some actions, we're going to make this real simple, we'll just take a Create and a Define. And then of course there's the important part we need to tie in to this.

So what we're going to do here is take the input that comes from the Finder, we're going to put it into this source volume variable, and then we're going to put that source volume variable and pass that on into our Define Image Source. And then we're going to put some say -- get this down. And then we're just going to give it a name, and a Startup Disk name. We've got an image index.

And then we just would simply save this - I've actually created one ahead of time so I'm just going to show you what it looks like here. If I Control-click on this volume, you'll see that I have my service here and I just select that. And what it did, I'm not going to run this because it will take forever.

But what it did is it basically took Mac OS Install DVD, passed it into my Create Image action, which is now asking me to authenticate as administrator so that it can go off and build its image. And that is what I have to show you, I am going to pass you back to Jussi here who is going to talk to you about what you're going to do with these images now that you've created them.

[ Applause ]

Do you want slides?

All right. Thank you, Brian. So that's SIU 2 in system images of the two in Snow Leopard. So significantly improved over the older version we had in 10.5. And again, 10.6, System Image Utility creates images from 10.6 sources, so Snow Leopard tools for Snow Leopard images, Leopard tools for Leopard images.

So booting into images. I was just doing some math back there and I counted like how many ways are there to boot into NetBoot images. I counted like seven. Startup Disk. So Startup Disk is by default the easiest way to get to your NetBoot images obviously. So these has a couple of constraints though.

The NetBoot image has to be on your local network or you have to have DHCP helpers assigned so that you pass on the DHCP packets or requests over to your NetBoot server that's not local to the network. You can also use Option Boot or using the Startup Manager, so this is holding down Option key while you start up your system and on internal hardware you can also do Option and then holding N key, that'll go into a default mode, so basically we're just rediscovering the image on the network.

Bootpd(8) relay is an option to basically reroute the DHCP requests that are not passed on by DHCP helpers and routers. So if your IS&T administrators or network admins are reticent about setting up DHCP helpers, well, more power to you because you have the option to set up a system on your network.

Some lowly Mac mini or old PowerBook G4, run Leopard or Snow Leopard on it and configure a bootpd relay on that system. Basically listening on anything that's coming in on DHCP requests and then forwarding those requests onto your NetBoot server on the [inaudible]. You can also bless systems from the command line, so you can use bless to opt in for NetBoot through the - - service I think, and you can also set explicit nvram settings to boot over the network.

And there's also a com.apple.Boot.plist way to do NetBoot, basically saying that my root device is on the network, and knowing where the root path is. And on Open Source there's a version of the boot services discovery protocol client, so bsdpc is the boot service discovery protocol client that also allows you to do similar things that you would use Startup Disk for, effectively selecting any given image that the system has visibility.

So here's Startup Disk, how it looks like. So in the default mode, you have Startup Disk with a few images and some nomenclature that's changed, so the network startup is now called the network disk. So this is the new name under Snow Leopard, I think we called this "network volume" before.

And if you hover over the image, so what this gives you is information where this particular network disk is served on. So this gives you the server address, offering this image up on the network. And if you happen to find a network disk that has a name that doesn't fit in the window, the name is still shown in the blurb under the scroll window. So you can still tell what the image is actually called.

And if you have more than six images on the network, like you have multiple, multiple different choices to install or NetBoot or use NetRestore from, then you will actually get a list view where each individual server is identified and the image types are identified. So the image types are effectively either NetBoot of Mac OS or Mac OS Server, or NetInstall of Mac OS or Mac OS X Server.

And bootpd relay, so this is something that was introduced in Leopard, and this ships on both client and server. So if you ever set up Internet sharing on your desktop with Leopard or later, you've actually used a bootpd service or bootp service on your system. And the bootpd daemon also supports relaying the DHCP requests. So this takes in the NetBoot requests or the bsdp requests that are coming in on your network and then forwards them on to whatever servers on your network are the actual NetBoot servers.

And this can be configured on any machine, it doesn't interfere with your DHCP operation because this only listens on DHCP port, but doesn't necessarily vend out authoritative DHCP information. It only passes packets on to some other servers acting as a go-between or middleman. And to bring up bootpd, you'd use launchctl to load the bootpd.plist, and that's it. And here are the options for doing NetBoot from the command line.

So as I mentioned, you can use bless, you can use nvram, you can also do manual edits of com.apple.Boot.plist, or you can use the bsdpc command line interface that's available for personal compiles through Open Source. And a little bit under the hood. So how does NetBoot, NetInstall, and NetRestore, how do these all work? If you've ever looked into let's say the Mac OS X installation DVD, you'll find that there are things there like rc.install or an install config.

If you've ever looked into images that System Images Utility has created, you will find things like installer's choice changes, or you'll find install preferences. So these are files that basically determine how that particular image is to be treated when a user boots into that. So I'll go and show you a little bit how these actually work all together.

So let's go to this machine. So first off, a little bit about diagnostics. So if you've ever tried to diagnose why does NetBoot not work, so the first thing you'd want to know, do your clients actually start up at all? You see the blinking icon and like something goes away, and you figure what the heck, like do I need to get a network packet sniffer or do I need to do a port metering or whatnot. The easiest way, the fastest way to quickly diagnose if NetBoot is working at all from the server towards the client, is look at some of the system logs.

So what I've done here is I've configured syslog.conf to basically log everything. So I've added *.*, so this means that every single message that's coming in through the Apple system log facility will get in a file, so I've kill -HUPped syslogd. So if I was just editing this for the first time, I do a kill -HUP or killall -HUP syslogd and now I have a debug log, so that's plenty of stuff. So now we can look for specifically what's related to NetBoot. NetBoot uses two services, so this would be the bootpd process, so I egrep bootpd or I will call tftp.

So on a different system, so I let that run here and I go to a different machine and use Startup Disk, actually I can probably show you this. Yes. So I'm on my network, great. In Startup Disk I have some network disks. So here I've selected the network disk, so if I look back on the server, I see that there were DHCP requests that came into the server and this is as we can tell, Marina demo two.

So in this package space you could tell that some system on the network was trying to discover which images were available. So I'll go and boot this machine into those images, so restart, and we don't have stream mirroring here because we're doing dual ports, so I'll just go back here. So now the system is rebooting, it'll come back on the network in a couple of seconds, and I'm still looking at a blank screen here. OK, now I heard the tone, so now I get the screen, I get the globe soon.

Do I get the globe? And we should see this in the slide here too, so whenever the system is actually live, there's going to be a DHCP request and there we go. So we get a DHCP offer and we can actually stop there. So that's all the interesting bits we saw. So we know that there is a client that received a DHCP offer and that is the boot services discovery protocol offer. And that told that hey, here's this image available for this machine, and go and start booting up from it.

And for tftpd, we actually have some extra logging enabled, and this tells tftpd to log every single file push that goes out from the server. So if you see any broken globes in your network environment, and see like something not booting into the NetBoot images properly, and you think that it might be a different server that's vending images or your clients aren't getting the images from the right server, then here you would be able to tell on any given NetBoot server, if you see that tftp traffic from the server, then you can know that at least the booter and the kernel were pushed out to the client. So those are the minimum requirements for anything to work for a system to boot. So this is at least some awareness of a working NetBoot environment.

If you don't see these requests go out from the server, then you know that it's time to get EtherPeek or Wireshark or other more involved tools. So that's just a quick summary. And one thing that caused this tftpd logging to happen is a configuration in /System/Library/LaunchDaemons/tftp.plist. So here you can see that this is actually -i.

Whoops, let me quickly undo that. -i. And this is not the running configuration, so the running configuration would be having -i -l. So -l in the tftpd configuration tells the tftp daemon to log every transaction, and these logs are only applicable when the debug logging is enabled for the system log. So that's quickly a - whoops, there we go. Quick recap of how to fast-diagnose NetBoot boot issues. So let's go into blessing them.

So as I mentioned Startup Disk is the easiest way to select NetBoot images. So here I have Startup Disk and I'm going to see the same images that were shown on the other system already. But I can also do most of these things from the command line. So if I bring up terminal in this environment I can use bless --netboot --server, and then call bsdp://. And I'm going to just use a broadcast address, find me a server somewhere, or I can also do explicit paths telling that use a booter, so --booter and then a path to tftp server-path-boot.efi.

And I'd need to pass another argument as well, so if you look for documentation on a network you'll find all the different combinations you have. One of the options is called the options, where you'd tell the root path, and root path equals something like NFS;server and path, and then image.dmg. Actually that's not correct, but we're not going to boot in, so that doesn't really matter.

So here's a bless command and you could also do this using nvram selects. So if you do nvram boot-args for example, you can say boot-args equals root path equals NFS;server volumes path image.dmg. So there are multiple ways in the command line to have the system boot into NetBoot images.

And the last one I'm going to show from the command line is a tool that's embedded, included in the OS, available as open source, this is the boot services discovery protocol command line client. So what this does is effectively the same functionality as Startup Disk, so this sends out a DHCP request out to the network and back comes all the images that are available. And from here you can choose which image to boot into.

The way you actually get access to this is from Open Source, so this has been part of Darwin for quite a while. If you go to opensource.apple.com and find the project called Bootpd or Bootp, in Bootp the application bsdpc is the command line, Boot Services Discovery Protocol Client. So if you compile this binary, then you should have a command-line version of Startup Disk for selecting which network disk to boot from. So those are the ways to boot into an image.

So we've booted in an image, so I've installed a couple of sample environments here, so I have two machines that are now booted into NetInstall, I call NetInstall target one, and NetInstall target two. They're booted into identical images, so I have three images on the network, NetRestore, NetInstall, and NetInstall Auto. I am vending these images from a library that has just three images.

So nothing up my sleeves, there are really just three images out there. So what I'm going to show you is how you can actually customize some of these runtime behaviors dynamically based on how these clients boot up. So let's say I wanted to have a single image and tailor the packages that are available or selected by default for each one of these clients. So here I see that both of the clients get identical settings.

Customize. So here are two images, so the package selections are exactly the same. So actually I've built a web server that includes customizations per these clients and I have choices that I've made before, so if I look at my choices files, these are basically external files that are traditionally embedded into those images.

But if I move them into my web server directory, these clients will actually pick them up. So now they have two files called NetInstall and this is basically just the MAC address of the client. So let's see what happens when I boot these clients into this. So this will restart that one and let's see - In the meantime we can see this guy come up. So if the other machine was still working as well, we'd see two machines now booting up parallel, and on the web server side.

So if I'm looking at my Apache log, I can see that there's now been a request for a NetInstall configuration. So basically this disk image that just came up went back to the server and requested a file to be downloaded from the server, that then told this client how to configure this installation.

So now what's the difference? Now when I go into our customization settings, when I bring up the package selection again. I think we're using tired squirrels, it's already Thursday, so they must be working overtime now. OK, so we go here, and so this is exactly the same image as this system was booted to before.

But now the difference is that this guy will have custom settings. If you notice before, I may still have this other window open, do I? Yes. So if I click Customize - hey, that's a good terminal. That's why I left it open there, it was intentional, yes. You can tell that there were some changes into the packages.

So what happened is that the file that was downloaded here applied some settings into this image, so what it applied was a list of choices that tells this client, tells the installer, what packages to include and what packages to exclude. And actually I believe in language translations, we only use Japanese. Whereas in the default case, this would be - OK, can we do this, no. This would have been all languages were selected by default. So how does this work? So we want to get rid of this guy. So how did this actually get working?

So what happened was that when this client came up on the network, it went back into the server, so this was one of the files that was mentioned on the slides. So if I go to etc and look at one of these files, I see rc.install. Now let's use less. So this is what gets run when the installation starts. And you'll notice that there's a file called sourceALocalConfigurationScript called rc.cdrom.local. So if that file exists, then let's read it in.

Let's see what happens in rc.cdrom.local. It looks like we're pulling up a file, so we're reading this system's MAC address and then we're going back to a known HTTP server. We're running a CGI and passing in the MAC address as an argument. And apparently we're getting some file back that we're putting into /var/run. And in this install environment, we actually have writable file systems. So if I look at what systems are mounted here, I can tell that /private/var/run is actually a mounted RAM disk that I have write access to.

So why is it called /var/run Mac OS Installer? Well what System Image Utility built, when this image was built, there's a file called Mac OS Installer Choice Changes. But it's actually a symbolic link, so this symbolic link points into the /var/run directory, so whatever is put into this location dynamically at runtime, is the effective settings when this machine is booted into that image.

So that's one way to customize any system on the network with minor tweaking and this is really like propeller-hat time, I forgot my pocket protector and my beanie cap which would have been totally appropriate here. So that's installer configuration. Let me show you a little bit about other image types that we have. So let me kill this guy. Actually I should have done this here.

Shut down -h now, and then we get rid of this, and that system goes away. And then we'll try to bring up a couple more images. OK, so that's gone. Let me bring up a NetRestore image then. OK, we don't have a DVD installed right now, let me bring up another one.

And again, both of these images are booted identically. So these are both booting from the same network disk image. And I presume that eventually all this material may end up with Joe and Josh and afp548 or macenterprise.org or somewhere. I wouldn't be surprised at all.

[ Laughter ]

And I seem to have lost my mouse now.

Yep. OK, I believe I was moving too fast and trying too many things. So that's practically how you can take other image types, and while these are booting, maybe we can see the first screen and then we can give it a go. So let's see, I think the mouse just moved.

[inaudible]

Yeah. That's what you get for doing demos on a laptop. Yeah, it's convenient to carry these around, but yeah, we lose some performance here. OK, great. So now we have again two machines booted into an image. And again, identical images, no difference between the two. So I have a volume that's the Mac OS drive on this environment and same thing here. So no difference in behavior.

Both are booted from the XX [phonetic] image and this image is called - in my data directory I have NetBootSP0 and there's called NetRestore server. So let's see if I do the same thing again here, and move some settings around so I'm in my data directory there. And if I move NetRestore - oops.

NetRestore and NetRestore stuff on here, and then restart this, so what will happen here is that we'll get similar requests for these NetRestore images. And you notice like here the images were actually already requesting the settings, but they were not actually receiving any responses from the server. So if I was really adventurous about this, I would write a CGI script on the server that had fancy UI like Python, Perl, Ruby, pick your poison. And basically tailor your target systems based on whatever requirements you have.

In Lab X, whenever a system boots into a NetRestore image, it will always have these streams defined or these packages installed. And if it came from some other environment, then we'd use a different source. And that way you could basically keep a stable image set that is tailored at runtime based on whatever requirements may change over time.

So this is quite a flexible way of using embedded data into the images and not having to churn out shell images again, but just changing the data that they reference. So here we can tell that I now moved into the NetRestore mode where I can pick from sources. So here I have NetRestore images that are sources on the network, and here are settings that are unique to this system. So I may have some settings that are applicable to all the NetRestore systems out there and some that are applicable to only this one.

So using this dynamic data download, you can have ways of changing the behavior of even NetRestore images as your deployment needs change. So here we can see like the same image without any customization applied, how it looks, and here's image with the customizations applied. So that's the advanced, advanced behind-the-scenes, how to tweak NetInstall images using tools that are already embedded into the OS, and going kind of above and beyond what's available in any current UI. And that's that. And let me see if we have time to do one more.

So let me try to bring up one image here. And I'm just going to bring up one and see if that comes up - and yes, they start. And it can't find the disk, OK. So here the goal is to do an automated NetInstall. And what would happen with an automated NetInstall is that if you have varying systems that may have different requirements, like they may have different target drive names or whatnot, you may not be able to use just a single static NetInstall image that applies to all your target clients.

So you can change some of the automated settings per system at the time when you know which systems are actually going to be. So I'll just show you what the issue here is that when you have variable hard drive target names, then how do you account for those using one of the configuration files that are embedded in the system.

So here I'll bring up a language chooser again, and let's go and see what the volumes here look like. So this is another operating system installation so this would be using Mac OS X Installer as opposed to ASI restore. And I have two target volumes. So if I wanted to install an operating system onto the WWDC target one system, and you can tell that they already have a target two volume here that's going to have WWDC target two as its drive name, how would I use a single image to image both of these using automation? So what I have is, if I go to NetInstall 397 I believe. So this is a file that tells that on this particular system, use WWDC target two as the volume, and on my other system, this is called target one.

So I have basically two files that pass on unique information to whichever client is booting at any given time. And on my image what I've done is I have a symbolic link again from the minstallconfig.xml file which is the trigger for an automated install, and this now points into the file that was downloaded from the server. So those are just three samples of how to tweak your system images using some customization that can be downloaded at runtime. So this would be similar to let's say some services like [inaudible] Studio or Mike's [phonetic] NetRestore or other tools.

But really the only things that I have done here, I've included two files on the disk and I've set up a web server. Everything else is stock Mac OS X system images or the created images. So the support for rc.cdrom.local, that's built in already. The symbolic links you can create into the disk image because that's read-write.

But everything else is out of the box and working. So that concludes the demo, so I can move back to the slides, and let's do a summary. So what have we learned today? So System Image Utility 2. So big thing there is NetRestore images, and specifically with NetRestore images, creating system images from DVDs and adding packages to them.

So getting to an ASR restore volume from DVD sources and adding packages. Automator and Services, so better support for Automator actions and creating services from System Image Utility workflows, and how to boot into images using either Startup Disk or command line utilities. I didn't show you com.apple.Boot.plist, you can find that in all your systems in /Library/Preferences/SystemConfiguration/com.apple.Boot.plist, self-documenting, it's a plist.

And above and beyond how to configure dynamically some install time settings using for example installer choice changes and using install preferences which was used in the NetRestore example. So for more information you can go to our Internet and Server Technologies Evangelist, Mark Malone. For OS X server documentation you can go to the Apple website, Apple training --